How to Use Route Prefixes to Create Routing Filters in Junos

The fundamental purpose of routing policies is to prevent certain routes from being either accepted into your routing table or advertised to some adjacent router. Sometimes, matching specific routes or a set of routes is useful. To do so, you use a route filter.

Route filters match on specific IP addresses or ranges of prefixes. Much like other routing policies, they include some match criteria and then a corresponding match action. The basic configuration resembles the following:

[edit policy-options]
policy-statement my-route-filter {
  term router-filter-term {
   from {
     router-filter prefix/prefix-length match-type;
   then {

This basic configuration outline matches a route against the specified filter. If the route matches, the defined action is taken. If it doesn’t, the next term or policy is evaluated. As with other policies, if no match occurs, the protocol default action executes.

An important difference between route filters and other policy match conditions is how multiple filters are handled. If you have more than one match condition, the conditions are treated as a logical AND, meaning all of them must be true for it to be considered a match. With route filters, the presence of multiple filters represents a logical OR, meaning it’s a match if the route matches any of the configured filters.

If you want to effectively create route filters, you need to make sure that you understand route prefixes and prefix lengths. An IPv4 address in dotted decimal notation is really just a shorthand way of representing a 32-bit address. For example, the address represents the following 32-bit address:

11000000 10101000 00100000 00000100

So, when you add a prefix length to this IP address, you’re specifying the number of significant digits in the expanded 32-bit address to include. If you want to match a prefix length of 24 (192.168.32/24, for example), you’re really identifying the first three octets in the address.

Usually, the prefix covers the network address portion of the IP address (the rest of the bits form the host address), but not always. The fewer bits the prefix includes, the more network addresses that are covered. A prefix like 10/8 covers more than 16 million networks, whereas 192.168.32/24 covers only 254.

blog comments powered by Disqus

Inside Sweepstakes

Win $500. Easy.